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( A FAULT TREE APPROACH TO NEEDS ASSESSMENT 
v AN’ OVERVIEW 


‘ 
A 


Recent avents, are panditecatingsts signal concern by the public ever the, ° 
* question of who ta going to guard the guards. This concérn is also evidence ® 
‘of a continuing loss of license by educators to a eh the public and their 
lake In some dtrstanees this is Savion some educational leaders to ques- 
tion the. sutvivebility of such trends as ocapeeanay and renfornance based 
-éducational prograns. gies example, one can ask "whose competency and pert aimense 
standards? And, more importantly, why?" Answers to this question should pro- 
gidé some visibility. of who and where the manipulators are or at least provide 
'" 4 


| . Hg ; 
some warning of the potential for Theory X assumptions, to emerge in these 


: endeavors , 
In any event it is clearly evident that aed educator will find himse/f 
oe a future with reduced opportunity to directly saat San“ the public and 
students This-paped proposes. teclnology-as-part.of a g nified theory} 
of educational needs assesanent based on the concept of ehissttondl steuandehip 
aes will be defined as -the responstbility Of each ar to asa ‘tt safe for 
others “Cinotuding organtzations ) to find. their own best nay Emphasis is place 
on reate® in order to ans a place for accountability since the ‘nacootntabie 
person or organization does not ‘appear to‘be very safe according to the demands 
of contemporary poctety. ; 
However, a dilemma is ‘Posed by this definition. Suppose a ics is about 


ae his hand on-a ‘hot stove. The dilemma revolves around the question of 


should the steward withhold the hand of the child in the name of safety or let 


f 
the child find hie c own best way and learn by burn? 


a 
3 


ea it Bs : : =" ee | 
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* ) 2 ey 
Traditional attempts to balance a trade off between freedom and safety 
have produced such manipulative schemes (some more subtle and intellectually 
legitimatized than others ) as competency and performance based educational 


programs, management by objectives, behavioral objectives, instructional 


objectives, etc. What is needed is a nethod of” ‘balancing frmaicn and safety 


ina less man native way. ee , 2G 


‘ 
Ifa fied spptoish to edudattenal need's assessment can be suggested Re 


) 
by the previous definition of educational stewardship, then, a Meereticst frame-* 


work by wes needs assessment can be developed ina less mand pate ye manner 
4 
providing a reiacrabia balance’ betwéen friedon and safety of educgtional endeavors — 


is also suggested. ; ; 


e 


\ Thre basic approaches to this framework are presented as needs assess- 
tee v ry 


uent activities in lieu of the more traditional methods which have led to CBTE, 
PBTE, etc, These are: RS. # 


1. Identify and make visible opportunities for people and/or their 
! 4 v s 
‘ ( 
=a ~ 2. Tdentify and make visible potential hazards-to people: endfor thet 
& 


, Brograns.. 


‘programs. 
3. Legitimazation of hazards and Re which have been 
illuminated. ‘ - 7 = 


e . The firs activity listed above is not treated in its paper. 


o a 


a second activity is the PEEEORED, which is. badtsinad tn the rest of 


‘this paper under the general heading ar fault Tree Analysis. - The. thira . \s 
Par?) " 
activity will be treated ee in terms of a process for ‘Legitimazation of hazards 
% \ 
once Ldentified. , 4 eg 
(eo a . 
5 . 
4, 
‘ ¢ 
ry { . 


S There are two basic approaches to analysis: (1) analysis in terms of | 
success or accomplishment of system's purpose, or (2) analysis in.terms of 
failure or non-accomplishment® of a system's purpose. 

| Analysis in terms of success, however, is much more problematic than 
aninliyete in terms of failure. Not only is ‘it difficult to achieve consensus 
as to those design characteristics and functions, the channels and inverdattenas 


\ 
which lead to system success, but ‘Saperiance has shown that in complex systgiis, 


‘ ae it is much easier to describe and antiteye oGpmenisie as to what constitutes . 
failure. When a system is functioning smoothly, 2 is not at all easy to specify 
precisely what combinations of event contribute to this state. But when 

* breakdowns occur, they are immediately apparent, although their causes and their 
"downstream" effects may be _ obscure. | \ ag 
Fault Tree Analysis (FTA) is a écantoue for enhancing the probability . 
of success in any system by analyzing the most likely modes of failure that 

5 ‘ could occur and suggesting high priority avoidance strategies ‘for those failure 

modes! It, provides a logical, step by step description of possible failure 


; ’ 


potential occurrences which could result in a predetermined i aan event “4 


(ULE. ). The fault tree was so named because the completed graphic portrayal 
of a functional system utilizes a branching process. ‘ * “ 
, It isnot the intent of this paper to present a detailed explanation 

\ of the techritque of performing a Fault Tree Analysis. Explanations of both m °° 
qualitative and quantitative analysis, examples of etriont ional and management 


# 
information applications, and prototype trees may be found in Stephens (1972). . Om 


’ . 


Desert tion of Fault’ Tree sis 


Following is a wrief overview of the steps in Fault Tree dnalyaie. . P 


It should be noted that the fault tree approach can be used in a more simplified, 4 


5. 


¥ 


4 ‘ 
‘ abbreviated form, and still be very useful. In fact, implementers have found j 
that they coyld derive useful information from any of the steps followed in 


' performing a fault tree_analysis t f 


Qualitative Fault Tree Development 


“A fault tree consists of events » interrelated by logic gates, which are 
. fomned into sequences of potential failures. The analysis begins with the maee 
ie staténent of an undesired event (UE) of eritical importance. It may be the~ “9 
failure of ‘the entire system, expressed as a failure of the mission; or it e 
-may be a fatiure identified with some subsystem or component. In any event, 
» it stands at the ine of the tree, and the analysis proceeds downward. Input’ 


: ; to the VE become contributing failure events in a perceived cause and effect 
relationship. ; o~  - ig . 
Before discussing the nature of the events, however, “it. is necessary to 
 “gtarify the concept of. logic gates” The heart of the fault tree sgprandty and 
that: which differentiates it, ay | other forms of analysis, . is the use of logic 


eats to show the ane among events.” There are two principal kinds of . 


logic pated, the AND gate and the OR gate. All other gates used are derivatives 
of these two, — ' a art , 
The AND logic gate is used when, two or more. events must coexist in 


' order to produce the more. generad event. The AND gate is symbolized graphically 
ie ee nerai € 


"by the eymbol ‘ . In the fault tree, events related by an AND gate woypld ~ ; 


be depicted as in Figure 1,‘ 


Figure 1 


THE AND GATE 


& a 


* This would be read:  Bveiits B and C must coexist.to produce Event A; or, the 
output can occur only if ‘the inputs B and Cc coexist. ” The mathematical’ equi- 
valent of this is A= (BAC), . 
— In behavioral systems ’ fnis relationship-most commonly exists when a 
subsystem or component. and one or nore backup systems-or-componente-exist—or———_——— 
, are possible within the design of the system. -.This situation occurs much less 
frequently in behavioral than in hardware systems ; and the implications of. this 
will be Gonaideres later in this paper in regard to the interpretation of the 
tree. , : 
The OR logic gate is used when, of two or more possible inputs te an 


event, any one alone could produce the output. The graphic “symbol for the >, oa 
OR gate is - In the fault tree, events related by an-OR gate would be 


depicted as in Figure 2. 


< 


oo ° 


This is to read: Either B or C alone will produce Event A. The ea Chanatioal 

equivalent of this is A=(BVC). . | . 
There are. two general kinds of OR gates--the INCLUSIVE OR and the 

EXCLUSIVE OR. In the INCLUSIVE oe situation, either R or or C or hss could re- 


sult in Event As ‘In the EXCLUSIVE OR situation, either A or B could produce 
Cc, 7 Be both A and B could not occur simultaneously, nF 
nigh either the AND or OR gates, more than two lopite may exist. Vari- 
ations of these gates ‘allow for the specification of complex relationships-- 
there are inhibit gates F priority AND gates which * spe ify the a of 
eink ‘estete gates, and others. The analysis thus rovidek precios descrip- 
* tdon of. conditions = well as modes of relationships » all of which: can be. 
exprebsed a iteeiel natty and quantified, ; ‘ 
* The other set of basic ‘symbols used in fault non analysis. depicts the. 
Ss types. of inputs or events.. “Input and output events can be classified according 
to their nature.’ The following are the most commonly used symbols for fault 


‘  trées: ( 


* 


fe 4 Figure 3 ‘shows a ‘rudinentary fault tree, ‘whiett te read as. follows: 
7 
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Rectangle: Identifies an event’ that is from a conbin. 
ation of less general fault events Sivough an associated Logic gate, All, 


events symbolized by "rectangles have additional development in the fault tree. 
‘ v y P it 
cersie , Identities a basic failvre event that requires no 


vt 


further nese enenss This could occur when the definition of an event'is 


suttttentiy explicit to enbie! thé purpose of the analysis. ‘ 


a 


” Tdentities an event which is not developed 


' 
” ‘ ” . oe ah oe 


eek ite ert BY, : wo ean 
Identifies. an event’ inet As normally ‘expected sto, 


‘ocoyr, tn the ‘systéa as defined. When conbtond with other events ” ! honéver; at 
‘ A ° oa OP eee pet ee 
“might contr{pute es a fetlure event. ° - + ' Be ad gig PS ane re ee 


~. @ 


"Event! A can be e, produced either by Event B or Event C or both. vert 3 |- 1 
sii meatainaas ia aeeaiiareiraiac AAT’ calli abana Tate a) 
‘ ie * { <2 isk : 


‘ can be produced ely by the -coexistence, of Events D and E. Event C can be 


\ produced either by Event & or ‘Event G or both." Event E is a primary or basic 
_ failure event, and Event ¥ is an event that yormally oeours, in the system, but i 
watch can dontribute to Event Ce: Events D and G are nat analyzed further in 
‘tn this tree due to reasons ‘beyond the current moons of analysis ‘of the tree. ’ 
The "bottom of the tree" for. any branch always will have ‘events de~’ 
picted by the circle, rhombus, or house. | In this example, there are two o 


\ 
branches and three levels of analysis. - 


« . 


- Figure 3 5 


: : . ! ‘ 
P : : ILLUSTRATION OF A FAULT TREE BRANCH -  * } 


For each given event, which in turn becomes a UE, failure events con-=/ 


tributing to more general undesired events can be ‘derived according to several te 


‘<models, One approach is to systematically ask questions revarding input, : 
ee processing, output, and environmental factors; i.é., ‘failures of a given com- 
ponent or Subsystem may be attributable to, failures ‘of Anput from ‘another part 
of the system, failures of processing within the~ component or subsystem -itself, 
. failures of output to another ~ of the system, or failures attributable to 
an abnormal snvitvonment, " . . , 

Figure 4 yas be used to illustrate how failure analysis can be applied 
to a system iAiat eat serially, Events A, B, and C being prerequisite con- 
ditions to Event D. In 4a the events are © ating to be operating stccessfuily; 
i.e., for success of D, a single thread of events is necessary from A to B to 
to D. In 4b the events are graphically analyzed for potefitial failure; that 
is, fatlure of D can be causef by failure of either Aor Bor C or any combin- a 
ation of them. * Be mos 

Figure 5 shows another possible system configuration, ene both con-° 

~~. current and prerequisite conditions” for success, Diagram 5a assimés “we aye —— 
to be operating suctessfully. For success of D, the flow of ‘events or infor- 
on C, before D can occur. Diagram 5B 


1 2 
shows the events as analyzed’ for potential failure., Failure of Dyan be 


mation must go from A to B then to C 


seubed only by” failure of C, and Co failing concurrently. C, can be caused 
.» by: the failure of A or:B or both; 7) can also be caused by the failure of Ae 


or B or both. a . 


a ieotiwe pea to note ‘te that At appears from Figures 4 and 5 that 
analysis for failure is simply ths Logica}, reciprocal of analysis for ‘success. 


of ' To an extent ‘this is true, in tnat experience has, Sion ‘that reduction of the 7. 


4 


' ‘Likelihood of an undesired event from occurring oaih be eccompliehed through * 
P : ; » * . $Y 


: i 4 <5 2 
2 | 5 
, ‘ 
; . a ‘ oy : “ { 
ef, : a “ Je at * we ® 
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Figure 4 


. ‘ ; COMPARISON OF ANALYSIS IN ‘SUCCESS SPACE WITH ANALYSIS IN 
2 FAILURE SPACE FOR PREREQUISITE EVENTS IN A SERIES 
“(a) system design 


es Lae 


(b) failure analysis of above system design in 
terms of’ the failure of event D 


’ 


D fails 
jeause of 
failure of 


D 


pe- 


or B or C , F. 


. . ? . 
- : (c) success analysis of system design in terms 
‘ of the success of event D 


D succeeds 
because of” 
success of \ 


ce Figure 5 
COMPARISON OF ANALYSIS IN SUCCESS SPACE WITH ANALYSIS iN 
* FAILURE SPACE FOR CONCURRENT AND PREREQUISITE EVENTS 


‘ 


(a) system design 


Ee . — 
Can 


(b) failure analysis-of above system design in . 
of ‘the failure of event D . 


“ % Y ‘ . ¢ Cy 


“4 ™ 


Figure 5 
¢ continued 


.{¢) success analysis of system design in terms_. 
of the success of event D 


changing or monitoring the sequences of events on the primary strategic paths | 
determined on a fault tree. 7 

is * Recent work with FTA of complex systems, however, has shown that 
Petvuns analysis gives perspectives on a system which go ‘beyond the staple 
“logical inversion of success analysis to failure analysis and back gain, In 
«fact, the FTA methodology aunees appearb to have a amas ig value, both for 
those participating in the selvats and the menagers and other decision pakers ; 
. td whom the results ‘and recommendations are communicated. It generates ques- 
tions about the systen which do not occur under the usual conditi of success 


Pe analysis, AAAULOMATAYs the methodology, by esitiatteg consensus / formation 
oF" / 


he” 3 vf 2 414 f 


’ ‘ ~ 23 
processes of groups; promotes team building activities which, in’turn, lead to 


greater productivity. ra 


Quantitative Fault Tree Development » = 
Derive oné or more strategic paths through quantitative Fault ree Analysis (FTA ) 


Quantitative ae Tree-Analysis utilizes Pett basic Sudgenents as “ 
follows: " 
(1) Starting with the top UE, rank ‘in ofder of relative contribution. 


(or importance ) each of the failure events leading into aa : ' Ge: \ 

’ Fon all of .the inputs through a given logic gate hes a single more ,- 
general event, determine the percentage contribu tion made by each event to the 
more general failure event above it. Percentages should sum up to 100 for each 

. . ‘ , 
event. 

® . 

(2) Determine confidencé in the percentages (strong, moderate, and } 
weak-are commonly used). 


Repeat the: above steps for the inputs to each failure evefit, working 


~- * lt 


‘systematically down through the tree.. , 
(3) Determine the appropriate frequency rating for each event at, the 
bottom or lowest level only for each branch of the tree (rarely, periodt ly ;' 
and frequently occurring are commonly used). That rating for each SNS to ~ 
an a even is determined independently of the other inputs for that same ‘event. 
(4) Determine the rectification for each’ event. (permanent damage or 
Lepcnethila to rectify, difficult to rectify, and a to rectify are ‘ commonly 
used), These Judgments a are copbines through formas ‘derived from Markov 
Processes and Boolean Algebra to yield étratagie event values in order to- 
identify strategic paths of interest ‘by inspection, ‘ 


Although.a computer program is available for deriving strategic paths 


‘ (as well a8 for drawing the tree), ‘the computations can be done by hand. On r ) - fs 
: : mrs n 


15. 


. 


trees of vor tne than 3004350 inputs ‘ ioneveit, the hand process is too time con- 
suming. Even without completing the anne tein, noveber, much valuable 
information regarding the operation of the system can be gained by simple 
“é taacaiAten of the tree. 
It is not necessary for most of the team members engaged in qualitatively . 
“teonetnneiting the tree.or quantifying it’ to imow more than the rudiments of 
fault tree principles. The main requisite isa good working knowledge of the 
« system under analysis. Team ‘members should represent many fferent levels and 
‘’ functions within the organization, as the various "levels of visibility" afforded 
by different personnel will lead te pavepeeeives differing in important respects. 
These perspectives are dealt with directly in the quantification process. Ex- 
perience has show that wide divergences of opinion can be recondiled without 
being Lghored or aubdued, Furthermore, the technique accommodates and utilizes 
both "nara" data and expert..opinion. . 


N 
a9 final step in FTA is to make recommendations based upon the stra- 


~ 
tegic path analysis. These may inelude. reallocating resources ’ ‘snatalling 
backup systems, providing for monitoring of paths with high failure potential, 
redesigning syhayotens, or taking. any other commectine ,action that seems aAd- 
visable. Displaying the fault tree and discussing the strategic paths anc 
their implications with personnel at various levels’ of the' organization often 
will bring excellent snggeationd for improvement and an increase in cooperative 


effort to SEs. toward organizational goals, and is an oie pac cedalban onl 


ak to giving visibility to needs that have been rdentiried. 


{ 


History and Background of FTW 


FTA is an operatiéns research technique in which one form has been 


used with signal success as a major analytical tool of system safety engineeping | 
. : ne i t 


@.4 


15 


\ “ f , 
‘in'‘the hardware industry. Rudimentary concepts of FTA originally were developed . 


by Bell Telephone Labonatoried as a technique for performing a safety evaluation 


‘ of the Minutemen Launch Control ‘System. Bell’ engineers ‘discovered that the. 
> oe 


method used to describe the flow of "correct" logic indata processing equip- 


« 


ment could also be used for analyzing the "false" logic resulting from compon- 


ent failures. (Haasl, 1965) .The format was also well suited to the. application’ 


. 


of probability theory in order to define nunerically the ‘critical fault modes. ° 
Additional development of the analytical and mathematical techniques of 
Fault Tree Analysis in hardware systems occurred in the.Boeing Company. For 
further descriptions of the history ag ievalotnent see Ericson (1970) and 
Stephens (1972). - ; : : ; ! 
| Since 1967, however, the authar has successfully applied FTA to a number 
e f } 


of educational, managerial, and research problems, 


An important breakthrough for FTA of’ non-hardware systems came wifh the 


~development (Stephens, 1972) of a new quantificatien scheme=for deriving stra- 


: -y4 
tegic paths through’ the use of subjective probabilities... The viability of . 4 


strategic path analysis for management decisions in educational systems hae: 
been repeatedly ielicalis through,the author's stwiygie of ite various edu- 
cational systems and problems, ; 7 - 

The FTA method used for generating inputs, tends to focus she thinking 
of the group on specifics and to organize all inputs within a systematic frame- 
work. Moreover » experience with very different kinds of fault trees (e.g., 
vocational eduction, research project ie ciaaiat aciaac college needs . 


‘ on ; \ 
assessment ) has shown that the technique has other advantages in a multi-disci- 


plinary team effort. 


1, It focuses expert knowledge and judgment from often widely et in 
disciplines and functions on a common problem and furnishes a common language 


and perspective. ‘ / 


: Aq 


- 4) ‘ 
\ R ; 
e + . ‘ 
. 
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2. It can take into iene both agreements snd divergences on the 
. "tipute and their importance, ‘i 
3. vIt allows for concentration on one area of interest at a time, 
but with the assurance that all (other areas will be systematically dealt with. 


4. By concentrating on the way the system operates, rather than on 


personalities, it introduces a non-threatening atmosphere and encourages a’ 


freer exchange of information among the members. = 


A serendipitous effect 2s FTA on participating members of an organiza- 
tion has been = Without exception, those who have actively participated 
in working with the analyst to derive inputs for the qualitative ‘and quanti- 
tative analysis have gained a new perspective of the system and have turned from 
somewhat passive members to active workers for system success. 
_ Any approach to enalysis must deal with the complexities and inter- 
depertiencies which e an inherent part of any behavioral system, A character- 
aad of systems ts that strain in any part of the system will eventually make 
“itself felt in other parts, pachans fer removed from ue stress point itself. 

It often happens, however, that a problem, such as a ‘useehiown Si cdmmuni cation, - 
is Brreeares as having its source in one ‘part of the system when, in fact, its 
"real" causes are elsewhere. 

PTA is eapabie of dealing with pual sieciareceacens of stress in the 
system, of apottdiig and analyzing redundant failure events which may have sig- 


nificant cuimilative impact, and et defining interactions pmong events; which 


appear to be unrelated. The sat beastie frocess adds poter to the al 


tive analysis in accomplishing this. a 


To sum up. FTA has been found useful as the principle analytic method 


for conducting a needs assessment under at least the following conditions: 


‘ 


1) , Whenever undesired events or concerns and factors contributing to 


those concerns can be identified; , 3 


2) Whenever differing areas of expertise must be ‘marshalled; 


3) Whenever involvement of the members of an organization needs 


structure and systematizing; 


4) Whenever a.defensible approach to resource allocation within a con- 


— 
4 i 


plex system is needed; 6 


ro x 
5) Whenever consensus as to what constitutes succass in the systemis 


_ difficult to obtain; |. : ; ‘ 
| 6) Whenever formative evaluation is necessary; 
7) Whenever the primary and arpa effects of nuture Repretong, 
must is analyzed. ; e 
It is hoped that more educators will consider cnatyots for failure 


as well as analysis for success in educational needs assessment. 


‘ 
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